#1073 - wip

LDO-CERT · Apr 4, 2024 · 47caca8 · 47caca8
1 parent fdc3f50
commit 47caca8
Show file tree

Hide file tree

Showing 29 changed files with 660 additions and 889 deletions.
diff --git a/config/api_router.py b/config/api_router.py
diff --git a/config/settings/base.py b/config/settings/base.py
@@ -68,9 +68,6 @@
     "guardian",
     "widget_tweaks",
     "django_json_widget",
-    "rest_framework",
-    "rest_framework.authtoken",
-    "drf_yasg",
     "django_admin_listfilter_dropdown",
     "django_admin_multiple_choice_list_filter",
 ]
@@ -296,17 +293,6 @@
     )
     AUTH_LDAP_USER_ATTR_MAP = env.dict("AUTH_LDAP_USER_ATTR_MAP")
 
-# REST FRAMEWORK
-# -------------------------------------------------------------------------------
-REST_FRAMEWORK = {
-    "DEFAULT_AUTHENTICATION_CLASSES": (
-        "rest_framework.authentication.SessionAuthentication",
-        "rest_framework.authentication.TokenAuthentication",
-    ),
-    "DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.IsAuthenticated",),
-    "TEST_REQUEST_DEFAULT_FORMAT": "json",
-}
-
 # django-cors-headers - https://github.com/adamchainz/django-cors-headers#setup
 CORS_URLS_REGEX = r"^/api/.*$"
 CSRF_TRUSTED_ORIGINS = env.list("CSRF_TRUSTED_ORIGINS")

diff --git a/config/urls.py b/config/urls.py
@@ -2,12 +2,10 @@
 from django.conf.urls.static import static
 from django.contrib import admin
 from django.contrib.staticfiles.urls import staticfiles_urlpatterns
-from django.urls import include, path, re_path
+from django.urls import include, path
 from django.views import defaults as default_views
-from drf_yasg import openapi
-from drf_yasg.views import get_schema_view
-from rest_framework import permissions
-from rest_framework.authtoken.views import obtain_auth_token
+
+from orochi.api.api import api
 
 # DJANGO VIEWS
 urlpatterns = [
@@ -22,31 +20,9 @@
     urlpatterns += staticfiles_urlpatterns()
 
 # API URLS
-urlpatterns += [
-    path("api/", include("config.api_router")),
-    path("auth-token/", obtain_auth_token),
-]
-
-# SWAGGER
-schema_view = get_schema_view(
-    openapi.Info(title="Orochi API", default_version="v1"),
-    public=True,
-    permission_classes=(permissions.AllowAny,),
-)
-urlpatterns += [
-    re_path(
-        r"^swagger(?P<format>\.json)$",
-        schema_view.without_ui(cache_timeout=0),
-        name="schema-json",
-    ),
-    path(
-        r"swagger/",
-        schema_view.with_ui("swagger", cache_timeout=0),
-        name="schema-swagger-ui",
-    ),
-    path(r"redoc/", schema_view.with_ui("redoc", cache_timeout=0), name="schema-redoc"),
-]
+urlpatterns += [path("api/", api.urls)]
 
+# DEBUG
 if settings.DEBUG:
     urlpatterns += [
         path(

diff --git a/examples/local_api.ipynb b/examples/local_api.ipynb
@@ -6,11 +6,14 @@
    "metadata": {},
    "outputs": [],
    "source": [
+    "import json\n",
     "import getpass\n",
     "from requests import Session\n",
     "from pprint import pprint\n",
+    "import urllib3\n",
+    "urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)\n",
     "\n",
-    "url = \"http://127.0.0.1\"\n",
+    "url = \"https://localhost\"\n",
     "user = input()\n",
     "password = getpass.getpass()"
    ]
@@ -29,15 +32,26 @@
    "outputs": [],
    "source": [
     "session = Session()\n",
+    "\n",
+    "first = session.get(f\"{url}\", verify=False)\n",
+    "csrftoken = first.cookies[\"csrftoken\"]\n",
+    "\n",
+    "data = json.dumps(\n",
+    "    {\"username\": user, \"password\": password, \"csrfmiddlewaretoken\": csrftoken}\n",
+    ")\n",
+    "\n",
+    "headers = {\n",
+    "    \"X-CSRFToken\": first.headers[\"Set-Cookie\"].split(\"=\")[1].split(\";\")[0],\n",
+    "    \"Referer\": url,\n",
+    "    \"X-Requested-With\": \"XMLHttpRequest\",\n",
+    "}\n",
+    "\n",
     "req = session.post(\n",
-    "    f\"{url}/auth-token/\", \n",
-    "    data={\"username\": user, \"password\": password}\n",
+    "    f\"{url}/api/auth/\", data=data, cookies=first.cookies, verify=False, headers=headers\n",
     ")\n",
     "if req.status_code != 200:\n",
-    "    print(req.json())\n",
-    "    exit(1)\n",
-    "token = req.json()[\"token\"]\n",
-    "session.headers[\"Authorization\"] = f\"Token {token}\""
+    "    print(req.text)\n",
+    "    exit(1)"
    ]
   },
   {
@@ -71,14 +85,16 @@
    "metadata": {},
    "outputs": [],
    "source": [
+    "\"\"\" TODO\n",
     "files = {'upload': open('/home/DATA/AMF_MemorySamples/linux/sorpresa.zip','rb')}\n",
     "values = {'operating_system': 'Linux', 'name': 'sorpresa'}\n",
     "res = session.post(f\"{url}/api/dumps/\", files=files, data=values)\n",
     "if res.status_code == 200:\n",
     "    pprint(res.json())\n",
     "    dump_pk = res.json()[\"pk\"]\n",
     "else:\n",
-    "    print(res.status_code)"
+    "    print(res.status_code)\n",
+    "\"\"\""
    ]
   },
   {
@@ -94,6 +110,7 @@
    "metadata": {},
    "outputs": [],
    "source": [
+    "\"\"\" TODO\n",
     "# This code requires a file on the server in the folder specified in the LOCAL_UPLOAD_PATH\n",
     "# settings folder\n",
     "\n",
@@ -105,7 +122,8 @@
     "if res.status_code == 200:\n",
     "    pprint(res.json())\n",
     "else:\n",
-    "    print(res.status_code)"
+    "    print(res.status_code)\n",
+    "\"\"\""
    ]
   },
   {
@@ -121,7 +139,12 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "res = session.get(f\"{url}/api/plugin/\")\n",
+    "res = session.get(f\"{url}/api/plugins/\")\n",
+    "if res.status_code == 200:\n",
+    "    plugins = res.json()\n",
+    "    print(f\"{len(plugins)} plugins found\")\n",
+    "    pprint(plugins[0])\n",
+    "res = session.get(f\"{url}/api/plugins/?operating_system=Other\")\n",
     "if res.status_code == 200:\n",
     "    plugins = res.json()\n",
     "    print(f\"{len(plugins)} plugins found\")\n",
@@ -141,11 +164,13 @@
    "metadata": {},
    "outputs": [],
    "source": [
+    "\"\"\" TODO\n",
     "res = session.get(f\"{url}/api/dumps/{dump_pk}/results/\")\n",
     "if res.status_code == 200:\n",
     "    pprint(res.json())\n",
     "    result_pk = [x['pk'] for x in res.json() if x['plugin'] == 'linux.pslist.PsList'][0]\n",
-    "    print(res.status_code)"
+    "    print(res.status_code)\n",
+    "\"\"\""
    ]
   },
   {
@@ -161,11 +186,13 @@
    "metadata": {},
    "outputs": [],
    "source": [
+    "\"\"\" TODO\n",
     "res = session.post(f\"{url}/api/dumps/{dump_pk}/results/{result_pk}/resubmit/\", data={'parameter': {'dump': True}})\n",
     "if res.status_code == 200:\n",
     "    pprint(res.json())\n",
     "else:\n",
-    "    print(res.status_code)"
+    "    print(res.status_code)\n",
+    "\"\"\""
    ]
   },
   {
@@ -181,6 +208,7 @@
    "metadata": {},
    "outputs": [],
    "source": [
+    "\"\"\" TODO\n",
     "status = 'Running'\n",
     "while status != 'Success':\n",
     "    res = session.get(f\"{url}/api/dumps/{dump_pk}/results/{result_pk}/\")\n",
@@ -189,7 +217,8 @@
     "        pprint(status)\n",
     "    else:\n",
     "        print(res.status_code)\n",
-    "        break"
+    "        break\n",
+    "\"\"\""
    ]
   },
   {
@@ -205,11 +234,13 @@
    "metadata": {},
    "outputs": [],
    "source": [
+    "\"\"\" TODO\n",
     "res = session.get(f\"{url}/api/dumps/{dump_pk}/results/{result_pk}/result\")\n",
     "if res.status_code == 200:\n",
     "    pprint(len(res.json()))\n",
     "else:\n",
-    "    print(res.status_code)"
+    "    print(res.status_code)\n",
+    "\"\"\""
    ]
   },
   {
@@ -225,10 +256,12 @@
    "metadata": {},
    "outputs": [],
    "source": [
+    "\"\"\" TODO\n",
     "import pandas as pd\n",
     "import pygwalker as pyg\n",
     "df = pd.DataFrame.from_records(res.json())\n",
-    "walker = pyg.walk(df)"
+    "walker = pyg.walk(df)\n",
+    "\"\"\""
    ]
   }
  ],
@@ -248,7 +281,7 @@
    "name": "python",
    "nbconvert_exporter": "python",
    "pygments_lexer": "ipython3",
-   "version": "3.10.13"
+   "version": "3.10.8"
   }
  },
  "nbformat": 4,

diff --git a/orochi/api/api.py b/orochi/api/api.py
@@ -0,0 +1,16 @@
+from ninja import NinjaAPI
+
+from orochi.api.routers.auth import router as auth_router
+from orochi.api.routers.dumps import router as dumps_router
+from orochi.api.routers.folders import router as folders_router
+from orochi.api.routers.plugins import router as plugins_router
+from orochi.api.routers.users import router as users_router
+from orochi.api.routers.utils import router as utils_router
+
+api = NinjaAPI(csrf=True, title="Orochi API", urls_namespace="api")
+api.add_router("/auth/", auth_router, tags=["Auth"])
+api.add_router("/users/", users_router, tags=["Users"])
+api.add_router("/folders/", folders_router, tags=["Folders"])
+api.add_router("/dumps/", dumps_router, tags=["Dumps"])
+api.add_router("/plugins/", plugins_router, tags=["Plugins"])
+api.add_router("/utils/", utils_router, tags=["Utils"])
diff --git a/orochi/api/filters.py b/orochi/api/filters.py
@@ -0,0 +1,18 @@
+from enum import Enum
+
+from ninja import Schema
+
+
+class OPERATING_SYSTEM(str, Enum):
+    WINDOWS = "Windows"
+    LINUX = "Linux"
+    MAC = "Mac"
+    OTHER = "Other"
+
+
+class OperatingSytemFilters(Schema):
+    operating_system: OPERATING_SYSTEM = None
+
+
+class DumpFilters(Schema):
+    result: int = None